Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Juju: Disable anonymous auth on kubelet #41919
What this PR does / why we need it:
This disables anonymous authentication on kubelet when deployed via Juju.
I've also adjusted a few other TLS options for kubelet and kube-apiserver. The end result is that:
Which issue this PR fixes (optional, in
Special notes for your reviewer:
This is dependent on PR #41251, where the tactics changes are being merged in separately.
Some useful pages from the documentation:
Hi @Cynerva. Thanks for your PR.
I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with
I ran some preliminary testing on this and encountered a weird race condition during the turnup.
it looks like start_master was invoked before the auth was setup with these refactors. Attached is the unit artifact from juju-crashdump.
Thanks @chuckbutler. Looks like that's the case - it's a race condition I didn't hit, my bad!
I've amended this PR with a fix for that, by adding the
Verification failed in hack/verify-flags-underscore.py due to a conflict with #41971 - a new flag was introduced, and an exception added for us, but this PR happens to change that line of code. Oops!
I've rebased to origin/master and updated the exceptions file accordingly.
[APPROVALNOTIFIER] This PR is APPROVED
The following people have approved this PR: Cynerva, chuckbutler, eparis
Needs approval from an approver in each of these OWNERS Files:
We suggest the following people:
Mar 4, 2017
12 of 15 checks passed
@Cynerva: The following test(s) failed: